EULAs For Malware
I Don't Believe in Imaginary Property writes "The authors of the Zeus malware have added an end-user license agreement to their product. The buyer is, of course, permitted to infect as many computers with Zeus as they please, but they have no right to distribute it for 'any business or commercial purpose not connected with this sale,' and they can't examine the source, use it to control non-Zeus botnets, or send it to anti-virus companies. Oh, and they commit to paying for future upgrades, too — wouldn't Microsoft love to be able to add that term to their EULA. While it seems silly to imagine Zeus's authors going to the authorities for violations of this EULA, if they're anything like the Russian Business Network, they probably have an extra-judicial means of contract enforcement named Ivan. That said, this is by no means the first EULA-encrusted malware."
astala - vista - baby
My guess is that the original Malware was written by some nerd who wanted to make a few bucks, but the operation was taken over by a bigger boss who saw more of the picture - and the EULA is trying to bolster the apparent legitimacy of what they are doing - or in some way provide the weakest of weak arguments to try to sue someone later who does a better job of what they are trying to do now.
While I want to stab em with a sharp stick like the next guy, got to say that they are covering all their bases nicely.
Moved to http://soylentnews.org/. You are invited to join us too!
I can't imagine anyone enforcing an agreement contract (in this case EULA) that is installed without the user actually consenting to it being installed?
I mean, if you knowingly install something that snoops on your system and agree to the EULA you need to be kicked in the proverbials, but if something sneaks onto your system without you knowing about it what chance does any user agreement have?
Personally, I would like to see someone take Zeus to court about intrusion of their system. Wonder what the outcome would be.
Moved to http://soylentnews.org/. You are invited to join us too!
hell.... EVERY E.U.L.A. is invalid. You can't agree to a licence if it's inside a shrink wrapped box before you buy it!...... You can't use the software unless you agree to the EULA. The only way to agree to the EULA is to read it. Only way to read it is to open the Box. By opening the box you Agree to the EULA. Catch 22 without a law degree.
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
GP is answered by "In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies." which covers the people they sell the botnet to, while I think that the article has a point when it says: "Data thieves and malware authors aren't going to win any 'Most Likely to Respect Intellectual Property' competitions". Assuming that Zeus offers bespoke spyware for companies, or at least different enough that anti-virus companies can't detect them all from one sample (this is where it's tricky because once the AV company has one sample they'll be able to figure out the rest), it is quite a good threat:
if you're big enough to pay for malware
you're going to be big enough to do something with your network
you're not going to risk losing your network
In fact this seems like a bigger threat than most EULAs, you're hitting them hard, unfortunately I think it's just as flawed as a normal EULA, it's simply impossible to enforce (I mean Vista not on virtualisation, Mac on Apple-only hardware, it just doesn't work)
Perhaps Zeus would be better off by making its money through some shady anti-zeus company that offers 100% protection from zeus.
IranAir Flight 655 never forget!
If, as suggested in this article's hypothetical situation, Microsoft were to write a EULA for malware, it would be pretty ridiculous. Oh, wait...
McCain/Palin '08. Now THAT's hope and change!
Every time I have opened up a computer and started it up, I have been forced to click "Yes, I accept these license terms" when starting Windows the first time.
In fact, I believe that, since there is a phrase to the extent of, "If you don't accept this license, you may return it to the seller for a refund," you actually can get rid of MS junk (see this happy story)! Though, the follow up suggests that it is hard, if not impossible, to do this.
WTF can he get away from?
"this is by no means the first EULA-encrusted malware."
Windows?
Aren't EULAs essentially a form of contract? I'm not a lawyer, but I thought that any contract is not enforceable if its purpose is to achieve an illegal end; so, contracts involving malware would be void. http://en.wikipedia.org/wiki/Illegal_agreement
Any ACTUAL lawyers here care to comment?
Norton AV has always had a EULA. The Zeus EULA is nothing new...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA
By looking at my ID, you hereby agree to mod me insightful from now on. click above to proceed.
_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA
Better luck with your case sensitivity next time... **Cue MICROS~1 fanboys**
A EULA need not be a shrink-wrap contract. If you are shown the EULA before you download the software, it's not invalid. It may also be valid if you have the option to send the software back to the publisher for a full refund (cf ProCD v. Zeidenberg). So-called "clickwrap" licenses are also okay in many cases.
How does one pronounce it? "Yoo-lah", or "Oi-lah"?
1) Allow all emails from our companies to reach your inbox, and you must read them
2) You in fact must forward these emails, or let our malware forward them for you
3) You must pay to have your genitalia enlarged with OUR products only, and you must continue paying for these products until you have the advertised girth and length
4) You will not delete our messages, in fact you will archive and catalogue them in an order pleasing to you
5) By opting into our volume club membership, we cut out the unwanted ads, and double the number of targeted ones BENEFITING YOU!
6) You must opt into our humour newsletter, which pairs funny pictures of kittens with ads about how to make your junk/breasts/both bigger!
and so on
Do you agree to the terms?
[ ] Accept
[ ] Yes
Does it come up with "I Agree" "I Disagree" buttons like all other programs now? If so it would affect its spread rate since people would be able to disagree and therefore it should not install, or if you don't get the option to disagree or read it then it would cause problems when enforcing it legally.
Yes, it certainly isn't not one.
Some clauses of some EULAs are enforceable. But many are not. But this particular EULA is clearly unenforceable (under common law at least) as the courts do not adjudicate disputes arising from criminal conduct. There is an ancient case where one thief sued another for failing to pay him his share of two pocket watches they stole. I don't think they expect the EULA to be observed. They would be fools to expect that as they spend more time ripping each other off than their intended victims (no honor amongst thieves). It is probably more of an attempt to gain notoriety by aping the business practices of legitimate companies.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/